Course Code : MCS-052

Course Title : Principles of Management and Information Systems

Assignment Number : MCA(V)/052/Assignment/15-16
Maximum Marks : 100
Weightage : 25%
Last Dates for Submission : 15th October, 2015 (For July 2015 Session)
15th April, 2016 (For January 2016 Session)

1. Differentiate between MIS and a computer system. Write characteristics of MIS.

Also, discuss the common factors which are responsible for the failure of MIS.

Answer - MIS or a 'Management Information System' does more than just an ordinary
computer system does, or at least, it has a different purpose. Businesses use management
information systems to inform them on how to resource their companies and initiatives in
the areas of people, technology and information like statistics.

6
006
0
a
i
0
n
a
i
o
n
o
o
p
l
o
iilp
n
u
ssun

The difference when compared to normal systems

Computer systems are different in the sense that they do not have such a specific
task and do not supply specific information for decision making; rather you could
define them as simply an operating system that is programmed in various ways to
allow for many different tasks. A 'Computer system' is a more general definition for
things like MISs which have also been subdivided into smaller systems with more
specific jobs.

There are 8 Characteristics of Good Management Information Systems

i. Understandable:

Since information is already in a summarized form, it must be understood by the receiver so

that he will interpret it correctly. He must be able to decode any abbreviations, shorthand
notations or any other acronyms contained in the information.
ii. Relevant:
Information is good only if it is relevant. This means that it should be pertinent and
meaningful to the decision maker and should be in his area of responsibility.
iii. Complete:
Thanks for visiting us!! Subscribe!!

Page 1

It should contain all the facts that are necessary for the decision maker to satisfactorily solve
the problem at hand using such information. Nothing important should be left out. Although
information cannot always be complete, every reasonable effort should be made to obtain
it.
iv. Available:
Information may be useless if it is not readily accessible in the desired form, when it is
needed. Advances in technology have made information more accessible today than ever
before.
v. Reliable:
The information should be counted on to be trustworthy. It should be accurate, consistent
with facts and verifiable. Inadequate or incorrect information generally leads to decisions of

6
0

poor quality. For example, sales figures that have not been adjusted for returns and refunds

0
a
i
n

are not reliable.

vi. Concise:

o
o

Too much information is a big burden on management and cannot be processed in time and

p
l
ni

accurately due to bounded rationality. Bounded rationality determines the limits of the
thinking process which cannot sort out and process large amounts of information.

u
s

Accordingly, information should be to the point and just enough no more, no less.
vii. Timely:

Information must be delivered at the right time and the right place to the right person.
Premature information can become obsolete or be forgotten by the time it is actually
needed.
Similarly, some crucial decisions can be delayed because proper and necessary information
is not available in time, resulting in missed opportunities. Accordingly the time gap between
collection of data and the presentation of the proper information to the decision maker
must be reduced as much as possible.

Thanks for visiting us!! Subscribe!!

Page 2

viii. Cost-effective:
The information is not desirable if the solution is more costly than the problem. The cost of
gathering data and processing it into information must be weighed against the benefits
derived from using such information.
Factors Contributing to Failures of MIS

Many a times MIS is a failures. The common factors which are responsible for this are listed
as follows:

The MIS is conceived as a data processing and not as an information processing

system.
The MIS does not provide that information which is needed by the managers but
it tends to provide the information generally the function calls for. The MIS then
becomes an impersonal system.
Underestimating the complexity in the business systems and not recognizing it in
the MIS design leads to problems in the successful implementation.
Adequate attention is not given to the quality control aspects of the inputs, the
process and the outputs leading to insufficient checks and controls in the MIS.
The MIS is developed without streamlining the transaction processing systems in
the organization.
Lack of training and appreciation that the users of the information and the
generators of the data are different, and they have to play an important
responsible role in the MIS.
The MIS does not meet certain critical and key factors of its users such as a
response to the query on the database, an inability to get the processing done in
a particular manner, lack of user-friendly system and the dependence on the
system personnel.
A belief that the computerized MIS can solve all the management problems of
planning and control of the business.
Lack of administrative discipline in following the standardized systems and
procedures, wrong coding and deviating from the system specifications result in
incomplete and incorrect information.
The MIS does not give perfect information to all the users in the organization.

6
0

0
a
i
n

o
o

p
l
ni

u
s

2. Write the advantages of implementing ERP. Discuss how it can be implemented in

an organisation. Also, compare it with CRM and SCM.
Thanks for visiting us!! Subscribe!!

Page 3

Answer

Advantages of ERP (Enterprise Resource Planning) System:

1. Complete visibility into all the important processes, across various departments of an
organization (especially for senior management personnel).
2. Automatic and coherent workflow from one department/function to another, to ensure a
smooth transition and quicker completion of processes. This also ensures that all the interdepartmental activities are properly tracked and none of them is missed out.
3. A unified and single reporting system to analyze the statistics/status etc. in real-time,
across all functions/departments.
4. Since same (ERP) software is now used across all departments, individual departments
having to buy and maintain their own software systems are no longer necessary.
5.

Certain

ERP

vendors

can

extend

their

ERP

systems

6
0

to

provide Business

Intelligence functionalities that can give overall insights on business processes and identify

0
a
i
n

potential areas of problems/improvements.

6. Advanced e-commerce integration is possible with ERP systems most of them can

o
o

handle web-based order tracking/ processing.

7. There are various modules in an ERP system like Finance/Accounts, Human Resource

p
l
ni

Management, Manufacturing, Marketing/Sales, Supply Chain/Warehouse Management,

CRM, Project Management, etc.

u
s

8. Since ERP is a modular software system, its possible to implement either a few modules
(or) many modules based on the requirements of an organization. If more modules
implemented, the integration between various departments may be better.
9. Since a Database system is implemented on the backend to store all the information
required by the ERP system, it enables centralized storage/back-up of all enterprise data.
10. ERP systems are more secure as centralized security policies can be applied to them. All
the transactions happening via the ERP systems can be tracked.
11.

ERP

systems

provide

better

company-wide

visibility

and

hence

enable

better/faster collaboration across all the departments.

12. It is possible to integrate other systems (like bar-code reader, for example) to the ERP
system through an API (Application Programming Interface).
13. ERP systems make it easier for order tracking, inventory tracking, revenue tracking, sales
forecasting and related activities.
14. ERP systems are especially helpful for managing globally dispersed enterprise
companies, better.
Thanks for visiting us!! Subscribe!!

Page 4

Implementing ERP System

Producing Enterprise Resource Planning (ERP) software is complex and also has many
significant implications for staff work practice. Implementing the software is a difficult task
too and one that 'in-house' IT specialists cannot handle. Hence to implement ERP software,
organizations hire third party consulting companies or an ERP vendor.
This is the most cost effective way. The time taken to implement an ERP system depends
on the size of the business, the number of departments involved, the degree of
customization involved, the magnitude of the change and the cooperation of customers to
the project.
The Driving Force behind ERP
There are two main driving forces behind Enterprise Resource Planning for a business
organization.

In a business sense, Enterprise Resource Planning ensures customer satisfaction, as

it leads to business development that is development of new areas, new products
and new services.

6
0

0
a
i
n

Also, it allows businesses to face competition for implementing Enterprise Resource

Planning, and it ensures efficient processes that push the company into top gear.

o
o

In an IT sense: Most softwares does not meet business needs wholly and the legacy
systems today are hard to maintain. In addition, outdated hardware and software is
hard to maintain.

p
l
ni

u
s

Hence, for the above reasons, Enterprise Resource Planning is necessary for management
in today's business world. ERP is single software, which tackles problems such as material
shortages, customer service, finances management, quality issues and inventory problems.
An ERP system can be the dashboard of the modern era managers.
ERP vs. CRM and SCM
CRM (Customer Relationship Management) and SCM (Supply Chain Management) are two other
categories of enterprise software that are widely implemented in corporations and non-profit
organizations. While the primary goal of ERP is to improve and streamline internal business
processes, CRM attempts to enhance the relationship with customers and SCM aims to facilitate
the collaboration between the organization, its suppliers, the manufacturers, the distributors and
the partners.
ERP Definition - A Systems Perspective
ERP, often like other IT and business concepts, are defined in many different ways. A sound
definition should several purposes:

Thanks for visiting us!! Subscribe!!

Page 5

1. It answers the question of "what is ... ?".

2. It provides a base for defining more detailed concepts in the field - ERP software, ERP
systems, ERP implementation etc.
3. It provides a common ground for comparison with related concepts - CRM, SCM etc.
4. It helps answer the basic questions in the field - benefits of ERP, the causes of ERP failure
etc.
A definition of ERP based on Systems Theory can
ERP is a system which has its goal, components, and boundary.

server

those

purposes.

The Goal of an ERP System - The goal of ERP is to improve and streamline internal business
processes, which typically requires reengineering of current business processes.
The Components of an ERP System - The components of an ERP system are the common
components of a Management Information System (MIS).

ERP Software - Module based ERP software is the core of an ERP system. Each software
module automates business activities of a functional area within an organization.
Common ERP software modules include product planning, parts purchasing, inventory
control, product distribution, order tracking, finance, accounting and human resources
aspects of an organization.
Business Processes - Business processes within an organization falls into three levels strategic planning, management control and operational control. ERP has been promoted
as solutions for supporting or streamlining business processes at all levels. Much of ERP
success, however, has been limited to the integration of various functional departments.
ERP Users - The users of ERP systems are employees of the organization at all levels, from
workers, supervisors, mid-level managers to executives.
Hardware and Operating Systems - Many large ERP systems are UNIX based. Windows NT
and Linux are other popular operating systems to run ERP software. Legacy ERP systems
may use other operating systems.

6
0

0
a
i
n

o
o

p
l
ni

u
s

The Boundary of an ERP System - The boundary of an ERP system is usually small than the
boundary of the organization that implements the ERP system. In contrast, the boundary of supply
chain systems and ecommerce systems extends to the organization's suppliers, distributors,
partners and customers. In practice, however, many ERP implementations involve the integration
of ERP with external information systems.

Thanks for visiting us!! Subscribe!!

Page 6

6
0

0
a
i
n

o
o

p
l
ni

u
s

Thanks for visiting us!! Subscribe!!

Page 7

3. List the different criteria which can be used in decision making. Explain how quality
of information improves the knowledge and decision making capability of the people.
The following decision making methods can be used to improve your decision making skill.

Multiple Criteria Decision Analysis (same or related techniques: Grid Analysis,

Kepner-Tregoe Matrix) - This technique provides a good compromise between
intuition and analysis by using a systematic framework that evaluates options against
a defined set of success criteria with adjustments for risk. This technique was
developed by Dr. Charles H. Kepner and Dr. Benjamin B. Tregoe. It was published in
"The Rational Manager" in 1965 and became a foundational work forbusiness
decision making.
Paired Comparison Analysis - Options are compared against one another in pairs to
establish relative importance. A drawback in this technique is that little or no
information is exposed that identifies the criteria supporting each alternative.
Analytic Hierarchy Process (AHP) - This is an enhanced Multiple Criteria technique
that uses Paired Comparison with additional mathematics to help address the
subjectivity and intuition that is inherent in a human decision making technique. AHP
was originally developed by Dr. Thomas Saaty in the 1970s. This technique is usually
applied to very complex group decisions.

6
0

0
a
i
n

Decision making tree - This technique helps visualize multistage

decision problems while addressing uncertain outcomes. It can be useful in deciding
between strategies or investment opportunities with constrained resources.

o
o

p
l
ni

Pro/Con (same or related techniques: Plus/Minus/Interesting (PMI),

Pro/Con/Fix(PCF), Weighted Pro/Con , T-chart, Force Field Analysis) - This is the age
old approach of looking at the pros and cons of two options. A key limitation is that
these decision making techniques look at only two options at a time.

u
s

Influence diagrams (ID) - The decision network in our model is a form of influence
diagram where influences are graphically represented for a decision situation.
Influence diagrams provide an alternative to decision trees that grow exponentially
with more variables.
Game Theory - For complex strategic decisions where it is beneficial to take into
account the likely response of outside participants(e.g. customers, competitors,
government), Game Theory provides a potentially valuable decision making
technique. Game Theory approaches can be considered extensions to Influence
Diagrams. It's most significant limitation is in the simplifying assumptions needed to
reduce a decision to a solvable game problem.
Multi-voting - This technique is used for group decisions to choose fairly between
many options. It is best used to eliminate lower priority alternatives before using a
more rigorous technique to finalize a decision on a smaller number of options.

Thanks for visiting us!! Subscribe!!

Page 8

Cost/Benefit analysis - This is limited to financial decisions or can provide the data
for evaluation of financial criteria in other decision making techniques.
Net Present Value (NPV) and Present Value (PV) - Net present value and present
value calculations are often used for capital budgeting and investment decisions.
NPV is sometimes considered a single criteria decision technique.
Linear Programming(LP) - Generally used to optimize limited resources, linear
programming is a mathematical technique whererequirements are represented by
linear equations. Useful problems in operations research can be addressed using this
technique.
Conjoint analysis (same or related techniques: stated preference analysis, choice
modeling, discrete choice) - A statistical technique used in market research, conjoint
analysis is used to estimate the psychological tradeoffs made by consumers for
features and/or attributes of a product or service. This can be helpful in forecasting
consumer acceptance and determining market positioning.
Affinity Diagrams (same or related technique: KJ Method) - Address information
overload by organizing many ideas and large amounts of data using this technique.
This technique is typically used as part of a brainstorming exercise.

6
0

0
a
i
n

Trial and Error - This approach to learning has provided the basis for decision making
from our childhood. Main limitations are that consequences for decision failure
should be small, and proper reflection must be done after the trial and error to
ensure that correct cause/effect relationships are identified in the learning.

o
o

p
l
ni

Heuristic Methods - These are trial and error decision making approaches that start
with a model that is refined with ongoing experimentation. Because they aren't
accurate, use heuristics to reduce options or save time when approximations will be
acceptable.

u
s

Scientific Method - Typically used to explore scientific questions, this problem

solving technique also can be used to make decisions. As experiments are used to
further confirm or refine a hypothesis, this technique could be considered a heuristic
method.

5. Define the term Business Intelligence. Discuss the features of any two Business
Intelligence tools
AnswerBusiness intelligence (BI) is the set of techniques and tools for the transformation of raw
data into meaningful and useful information for business analysis purposes. BI technologies
are capable of handling large amounts of unstructured data to help identify, develop and
otherwise create new strategic business opportunities. The goal of BI is to allow for the easy
interpretation of these large volumes of data. Identifying new opportunities and
Thanks for visiting us!! Subscribe!!

Page 9

implementing an effective strategy based on insights can provide businesses with a

competitive market advantage and long-term stability.
BI technologies provide historical, current and predictive views of business operations.
Common functions of business intelligence technologies are reporting, online analytical
processing, analytics, data mining, process mining, complex event processing, business
performance management, benchmarking, text mining, predictive analytics and prescriptive
analytics.
BI can be used to support a wide range of business decisions ranging from operational to
strategic. Basic operating decisions include product positioning or pricing. Strategic business
decisions include priorities, goals and directions at the broadest level. In all cases, BI is most
effective when it combines data derived from the market in which a company operates
(external data) with data from company sources internal to the business such as financial
and operations data (internal data). When combined, external and internal data can provide
a more complete picture which, in effect, creates an "intelligence" that cannot be derived by
any singular set of data

6
0

The key general categories of business intelligence tools are:

0
a
i
n

Spreadsheets
Reporting and querying software: tools that extract, sort, summarize, and present
selected data
OLAP: Online analytical processing
Digital dashboards
Data mining
Data warehousing
Local information systems

o
o

p
l
ni

u
s

Except for spreadsheets, these tools are sold as standalone tools, suites of tools,
components of ERP systems, or as components of software targeted to a specific industry.
The tools are sometimes packaged into data warehouse appliances.

Following are the features of two Business Intelligence tools

1. Data Warehouse Features
The key features of a data warehouse are discussed below:

Subject Oriented - A data warehouse is subject oriented because

information around a subject rather than the organization's ongoing
These subjects can be product, customers, suppliers, sales, revenue,
warehouse does not focus on the ongoing operations; rather it
modelling and analysis of data for decision making.

Thanks for visiting us!! Subscribe!!

it provides
operations.
etc. A data
focuses on

Page 10

Integrated - A data warehouse is constructed by integrating data from

heterogeneous sources such as relational databases, flat files, etc. This integration
enhances the effective analysis of data.
Time Variant - The data collected in a data warehouse is identified with a particular
time period. The data in a data warehouse provides information from the historical
point of view.
Non-volatile - Non-volatile means the previous data is not erased when new data is
added to it. A data warehouse is kept separate from the operational database and
therefore frequent changes in operational database are not reflected in the data
warehouse.

Note: A data warehouse does not require transaction processing, recovery, and
concurrency controls, because it is physically stored and separate from the operational
database.

6
0

2. Data Mining

0
a
i
n

Data mining is a tool, not a magic wand. It wont sit in your database watching what
happens and send you e-mail to get your attention when it sees an interesting pattern. it
doesnt eliminate the need to know your business, to understand your data, or to
understand analytical methods. Data mining assists business analysts with finding patterns
and relationships in the data - it does not tell you the value of the patterns to the
organization. Furthermore, the patterns uncovered by data mining must be verified in the
real world.

o
o

p
l
ni

u
s

Remember that the predictive relationships found via data mining are not
necessarily causes of an action or behavior. For example, data mining might determine that
males with incomes between $50,000 and $65,000 who subscribe to certain magazines are
likely purchasers of a product you want to sell. While you can take advantage of this
pattern, say by aiming your marketing at people who fit the pattern, you should not assume
that any of these factors cause them to buy your product.
To ensure meaningful results, its vital that you understand your data. The quality of your
output will often be sensitive to outliers (data values that are very different from the typical
values in your database), irrelevant columns or columns that vary together (such as age and
date of birth), the way you encode your data, and the data you leave in and the data you
exclude. Algorithms vary in their sensitivity to such data issues, but it is unwise to depend
on a data mining product to make all the right decisions on its own.
Data mining will not automatically discover solutions without guidance. Rather than setting
the vague goal, Help improve the response to my direct mail solicitation, you might use
data mining to find the characteristics of people who (1) respond to your solicitation, or (2)
Thanks for visiting us!! Subscribe!!

Page 11

respond AND make a large purchase. The patterns data mining finds for those two goals
may be very different.
Although a good data mining tool shelters you from the intricacies of statistical techniques,
it requires you to understand the workings of the tools you choose and the algorithms on
which they are based. The choices you make in setting up your data mining tool and the
optimizations you choose will affect the accuracy and speed of your models.
Data mining does not replace skilled business analysts or managers, but rather gives them a
powerful new tool to improve the job they are doing. Any company that knows its business
and its customers is already aware of many important, high-payoff patterns that its
employees have observed over the years. What data mining can do is confirm such
empirical observations and find new, subtle patterns that yield steady incremental
improvement (plus the occasional breakthrough insight).
5. Explain how system analysis approach is different in new system requirement
compared to the existing system. What problems does the system analyst face in
ascertaining the information requirement at the various levels of Management?

6
0

0
a
i
n

Answer: Coming soon...

o
o

6. What is Decision Support System (DSS)? Explain different components of DSS with a
diagram. How it does facilitate managers in decision making.

p
l
ni

Answer: A decision support system (DSS) is a computer program application that analyzes
business data and presents it so that users can make business decisions more easily. It is an
"informational application" (to distinguish it from an "operational application" that collects
the data in the course of normal business operation).Typical information that a decision
support application might gather and present would be:

u
s

Comparative sales figures between one week and the next

Projected revenue figures based on new product sales assumptions

The consequences of different decision alternatives, given past experience in a context

that is described

A decision support system may present information graphically and may include an expert
system or artificial intelligence (AI). It may be aimed at business executives or some other
group of knowledge workers.

Thanks for visiting us!! Subscribe!!

Page 12

COMPONENTS OF DSS

6
0

0
a
i
n

o
o

Decision support systems vary greatly in application and complexity, but they all share
specific features. Typical Decision support system has four components: data management,
model management, knowledge management and user interface management.

p
l
ni

u
s

4.1 Data Management Component

The data management component performs the function of storing and maintaining the
information that you want your Decision Support System to use. The data management
component, therefore, consists of both the Decision Support System information and the
Decision Support System database management system. The information you use in your
Decision Support System comes from one or more of three sources:
-Organizational information; you may want to use virtually any information available in the
organization for your Decision Support System. What you use, of course, depends on what
you need and whether it is available. You can design your Decision Support System to access
this information directly from your companys database and data warehouse. However,
specific information is often copied to the Decision Support System database to save time in
searching through the organizations database and data warehouses.
-External information: some decisions require input from external sources of information.
Various branches of federal government, Dow Jones, Compustat data, and the internet, to
mention just a few, can provide additional information for the use with a Decision Support
Thanks for visiting us!! Subscribe!!

Page 13

System.
-Personal information: you can incorporate your own insights and experience your personal
information into your Decision Support System. You can design your Decision Support
System so that you enter this personal information only as needed, or you can keep the
information in a personal database that is accessible by the Decision Support System.

4.2 Model Management Component

The model management component consists of both the Decision Support System models
and the Decision Support System model management system. A model is a representation
of some event, fact, or situation. As it is not always practical, or wise, to experiment with
reality, people build models and use them for experimentation. Models can take various
forms.
Businesses use models to represent variables and their relationships. For example, you
would use a statistical model called analysis of variance to determine whether newspaper,
TV, and billboard advertising are equally effective in increasing sales.

6
0

0
a
i
n

Decision Support Systems help in various decision-making situations by utilizing models that
allow you to analyze information in many different ways. The models you use in a Decision
Support System depend on the decision you are making and, consequently, the kind of
analysis you require. For example, you would use what-if analysis to see what effect the
change of one or more variables will have on other variables, or optimization to find the
most profitable solution given operating restrictions and limited resources. Spreadsheet
software such as excel can be used as a Decision Support System for what-if analysis.

o
o

p
l
ni

u
s

The model management system stores and maintains the Decision Support Systems
models. Its function of managing models is similar to that of a database management
system. The model management component cannot select the best model for you to use for
a particular problem that requires your expertise but it can help you create and manipulate
models quickly and easily
4.3 User Interface Management Component
The user interface management component allows you to communicate with the Decision
Support System. It consists of the user interface management system. This is the component
that allows you to combine your know-how with the storage and processing capabilities of
the computer
The user interface is the part of the system you see through it when enter information,
commands, and models. This is the only component of the system with which you have
direct contract. If you have a Decision Support System with a poorly designed user interface,
if it is too rigid or too cumbersome to use, you simply wont use it no matter what its

Thanks for visiting us!! Subscribe!!

Page 14

capabilities. The best user interface uses your terminology and methods and is flexible,
consistent, simple, and adaptable.
For an example of the components of a Decision Support System, lets consider the Decision
Support System that Lands End has tens of millions of names in its customer database. It
sells a wide range of womens, mens, and childrens clothing, as well various household
wares. To match the right customer with the catalog, lands end has identified 20 different
specialty target markets. Customers in these target markets receive catalogs of merchandise
that they are likely to buy, saving Lands End the expense of sending catalogs of all products
to all 20 million customers. To predict customer demand, lands end needs to continuously
monitor buying trends. And to meet that demand, lands end must accurately forecast sales
levels. To accomplish these goals, it uses a Decision Support System which performs three
tasks:

-Data management: The Decision Support System stores customer and product information.
In addition to this organizational information, Lands End also needs external information,
such as demographic information and industry and style trend information.

6
0

-Model management: The Decision Support System has to have models to analyze the
information. The models create new information that decision makers need to plan product
lines and inventory levels. For example, Lands End uses a statistical model called regression
analysis to determine trends in customer buying patterns and forecasting models to predict
sales levels.

0
a
i
n

o
o

-User interface management: A user interface enables Lands End decision makers to access
information and to specify the models they want to use to create the information they
need.

p
l
ni

u
s

4.4 Knowledge Management Component

The knowledge management component, like that in an expert system, provides

information about the relationship among data that is too complex for a database to
represent. It consists of rules that can constrain possible solution as well as alternative
solutions and methods for evaluating them.
For example, when analyzing the impact of a price reduction, a Decision Support System
should signal if the forecasted volume of activity exceeds the volume that the projected
staff can service. Such signalling requires the Decision Support System to incorporate some
rules-of-thumb about an appropriate ratio of staff to sales volume. Such rules-of-thumb,
also known as heuristics, make up the knowledge base.

Thanks for visiting us!! Subscribe!!

Page 15

DSS can be extremely beneficial to any organizations overall performance. However, DSS can also
be the cause of great confusion, misperception and even inaccurate analysis these systems are not
designed to eliminate bad decisions. DSS are there to facilitate a manager in making operational
decisions, but the ultimate burden of responsibility lies with the manger. Managers can sometimes be
over-optimistic in their expectations of a DSS and develop a unrealistic reliance on the system
(Power, C.J; Caveat Emperor). Also, if managers continue to ask the wrong questions (queries), the
benefit of the systems is already partially lost. When managers have preconceived notions and
misconceptions about a certain operational function, a DSS can magnify the harm by justifying the
managers position simply because of the logic of the managers queries or because the manager draw
the wrong conclusion about a certain output. Users of the DSS should be critical consumers and
never replace the systems functions with their own clinical reasoning

7. Explain the similarities and differences between viruses and hackers. Discuss the

6
0

importance of information security policies and information security plan.

0
a
i
n

Answer : The Importance of a Good Information Security Policy

Information security policy is a high-level set of security-related requirements that set the
ground rules for security within an organization. A good policy should cover critical issues
such as user responsibilities, ownership of information processing resources and
information, baseline security, and so on. A good information security policy is one of the
critical underpinnings of an effective security practice, yet not all security policies in todays
information security practices are up to par.

o
o

p
l
ni

u
s

As the High Tower CISO, Ive wrestled with the provisions of our security policy. I am not
trying to criticize any of my predecessors at High Tower at all, but when I took over the lead
security role, I found our information security policy to not be what was needed. Someone
had apparently ordered what might be described as a policies kit that covered a wide range
of security-related issues. Each area in turn consisted of a myriad of policy statements, many
of which appeared to apply to environments that were considerably different from High
Towers. I suspect that if every employee were required to learn the many policy provisions
and then were tested on them, the average score would not have been very high; the
amount of content was simply overwhelming. Perhaps worse yet, critical issues such as data
ownership were omitted altogether.
I found that I had to throw out everything that had been done before and start working on
our policy from scratch. The starting point for me was talking with the person who was our
CEO at that time to learn of his expectations concerning information security. I used the
notes from our talk as well as my knowledge of what our company is trying to accomplish
and how we are trying to achieve our goals to identify nine major areas that I felt would
have to be addressed in High Towers security policy. Among these was the area of
employee responsibilities concerning the use and care of computing resources. Another was
ownership of company information and computer resources.
Thanks for visiting us!! Subscribe!!

Page 16

I am a firm believer that an information security policy needs to be a high-level document

one that provides guidance and direction to management, system and data owners, system
and network administrators, and users without specifying to a T exactly what to do.
Standards and procedures, both of which should ultimately be derived from policy, are
designed to provide more explicit direction. Besides, just as a countrys constitution should
continue to be meaningful over time and as conditions change, a good security policy should
stay relevant over time and despite changes such as technology and operational changes
within an organization. I thus wrote the policy provisions for the nine major areas of the
policy such that each was covered at a sufficiently high level that they would provide
meaningful direction without mandating exactly what to do.
No security policy will work universally exactly as it is written. Special business and
operational needs that arise from time-to-time will dictate that exceptions to certain policy
provisions be granted. I thus ensured that provisions concerning how to apply for and also
how to grant exceptions were also incorporated into the High Tower policy.
I also believe that a policy that is not worded clearly and simply will not achieve the desired
results. I thus attempted to write the policy provisions using simple wording, My sentences
also tended to be short. I bounced several draft versions off of a variety of High Tower
employees to determine whether the policy provisions were as understandable as I wanted
them to be, using the feedback I obtained to make modifications throughout the document.

6
0

0
a
i
n

Finally, I met with the CEO of High Tower to go over the policy document as it was at the
time and ensure that he agreed with the provisions therein. After making several
modifications that he wanted, I asked him to sign off on the policy. Once he did so, I ensured
that the signed version was posted on our companys Web site. After all, without
unambiguous senior management backing, employees and others such as contractors are
likely to pay attention to little if any information security-related guidance and
requirements.

o
o

p
l
ni

u
s

A security policy is invariably a living document. No matter how well written a policy
document is, changes will be necessary over time. I thus review the policy provisions no less
than once a year, proposing changes as they are needed. The CEO must sign off on any
changes. The most recent change, for example, concerned the addition of special
precautions required when sensitive and proprietary information is taken offsite.
Policy is critical in information security. Without a policy that is appropriate for an
organizations business and operations, that is not openly backed by senior management,
and that is clearly and succinctly written, information security efforts are almost invariably
marginalized by lack of direction and also by what effectively amounts to anarchy. Ive
shared some of the things Ive done to develop and maintain an effective security policy at
High Tower in the hope that they may help others who are struggling with policy-related
issues in their own security practices.

8. Explain the significance of Knowledge Management. Discuss the issues to be considered

for successful implementation of knowledge management?
Thanks for visiting us!! Subscribe!!

Page 17

Answer: Knowledge Management (KM) is a discipline that improves the ability of

organisations to solve problems better, adapt, evolve to meet changing business
requirements, and survive disruptive changes such as staff turnover.
Knowledge Management recognises that organisations are a complex system made up of
both the people that work for the organisation, and the processes, procedures and
information systems that drive our actions.
The revolution in communications over the past 50 years (email, internet, telephone and
fax) now allows people to talk directly to each other without the use of intermediaries such
as managers or team leaders. This allows organisations to be more efficient by bringing
together needed expertise and knowledge on demand.
However, with this new approach, knowledge gained and lessons learned are not always
shared across the organisation. In other words, some people may know the solution to a
particular problem, but the organisation as a whole may not be aware. This can lead to loss
of critical knowledge when staff leaves, and for inefficient practices to remain despite better
solutions being available.

6
0

0
a
i
n

Modern organisations need to build a new culture that promotes knowledge sharing and
constant learning while preserving and recording appropriate information. This is essential
in order for corporate knowledge to be effectively retained and enhanced.

o
o

p
l
ni

The key objective of Knowledge Management is to enhance knowledge processing.

Organisations will have realised this objective when they:

u
s

correctly identify problems that need solving as they occur

have robust information location and retrieval channels to enhance individual decision
making
embrace effective knowledge creation processes
ensure that created knowledge is shared with and integrated across the whole of the
organisation
Methods that can help to achieve these goals include:

making better use of collaboration and communication tools

creating and promoting internal communities of practice
fostering the identity of virtual teams
using KM techniques such as Before Action Reviews (BAR), After Actions Reviews (AAR),
pre-mortems, and retrospects during change activities
encouraging the use of a common language (eg corporate glossary, classification and/or
taxonomies)
Thanks for visiting us!! Subscribe!!

Page 18

Benefits of implementing effective Knowledge Management include:

fully and accurately informed employees, clients, and stakeholders

improved team effectiveness and delivery of outcomes
an organisational culture devoted to continuous improvement
an organisation that is resilient and adaptable in the face of change
Critical success factors of knowledge management systems
A critical success factor is any event that must occur for the project to meet its goals and
objectives, Jennex (2007) studied different critical success factors (CSF) in KM and reported
that portals are an important component of a knowledge management system.
Cross and Baird (2000) in their investigation reported that KM would not improve business
performance simply by using technology to capture and share the lessons of experience. In
their survey, they claimed that the creation of organizational memory could improve the
business performance and indicated some of the most important parameters on the success
of KM as follows,

6
0

0
a
i
n

Supporting personal relationships between experts and knowledge users

Providing incentives to motivate users to learn from experience and to use the KMS
Providing distributed databases to store knowledge and pointers to knowledge
Providing work processes for users to convert personal experience into organizational
learning
Providing direction to what knowledge the organization needs tocapture and learn from .

o
o

p
l
ni

u
s

Thanks for visiting us!! Subscribe!!

Page 19

66
0
0
0
a
i
0
n
a
i
o
n
o
o
ppo
l
i
n
l
i
u
ssun